cxf-dev mailing list archives

From Alessio Soldano <asold...@redhat.com>
Subject AbstractUsernameTokenAuthenticatingInterceptor.createSubject principal ordering
Date Mon, 20 May 2013 08:10:12 GMT
Hi,
the AbstractUsernameTokenAuthenticatingInterceptor comes with the
following abstract method:

    /**
     * Create a Subject representing a current user and its roles.
     * This Subject is expected to contain at least one Principal representing a user
     * and optionally followed by one or more principal Groups this user is a member of.
     * It will also be available in doCreateSecurityContext.
     * @param name username
     * @param password password
     * @param isDigest true if a password digest is used
     * @param nonce optional nonce
     * @param created optional timestamp
     * @return subject
     * @throws SecurityException
     */
    protected abstract Subject createSubject(String name,
                                             String password,
                                             boolean isDigest,
                                             String nonce,
                                             String created) throws SecurityException;


The javadoc implies that the ordering of principals in the returned
subject is relevant, and as a matter of fact there's a check in the
'setSubject' method relying on that (that is, on the assumption that the
user principal is the first one).
Would it make sense here / not break anything to relax the ordering
requirement a bit (to skip group principals that might be before the
actual principal) and change the check, for example as in
http://pastebin.com/0T9mVbj3 ? This might grant some flexibility to
implementors of that abstract method.

Thanks
Alessio


-- 
Alessio Soldano
Web Service Lead, JBoss
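The following is an added example, not CXF's own setSubject code and not the contents of the pastebin linked above (which are not reproduced here). It shows, side by side, the strict check the message describes (the user principal must be the first one in the Subject) and a relaxed check that skips Group principals wherever they occur. The class, method and principal names are invented for the demonstration; the only real APIs used are javax.security.auth.Subject, java.security.Principal and java.security.acl.Group (the JDK interface CXF used for role groups at the time; it is deprecated in newer JDKs).

```java
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.Set;
import java.util.Vector;
import javax.security.auth.Subject;

/**
 * Added example (not CXF code): two ways of locating the user principal in
 * the Subject returned by createSubject. All names here are hypothetical.
 */
public final class UserPrincipalLookup {

    private UserPrincipalLookup() { }

    /**
     * Strict check: the user principal must be the first principal.
     * Subject.getPrincipals() iterates in insertion order in the JDK's
     * implementation, so this only holds if createSubject adds the user
     * before any Group.
     */
    public static boolean strictUserPrincipalMatches(Subject subject, String expectedName) {
        Set<Principal> principals = subject.getPrincipals();
        if (principals.isEmpty()) {
            return false;
        }
        Principal first = principals.iterator().next();
        return !(first instanceof Group) && expectedName.equals(first.getName());
    }

    /**
     * Relaxed check: skip Group principals and take the first non-Group
     * principal as the user. It still fails closed when the Subject holds
     * no user principal at all, or when the name does not match.
     */
    public static boolean relaxedUserPrincipalMatches(Subject subject, String expectedName) {
        Principal user = findUserPrincipal(subject);
        return user != null && expectedName.equals(user.getName());
    }

    /** First principal that is not a Group, or null if there is none. */
    public static Principal findUserPrincipal(Subject subject) {
        for (Principal p : subject.getPrincipals()) {
            if (!(p instanceof Group)) {
                return p;
            }
        }
        return null;
    }

    /** Minimal Principal for the demo. */
    static class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    /** Minimal java.security.acl.Group for the demo (a stand-in for CXF's own group class). */
    static final class NamedGroup extends NamedPrincipal implements Group {
        private final Vector<Principal> members = new Vector<Principal>();
        NamedGroup(String name) { super(name); }
        @Override public boolean addMember(Principal user) { return members.add(user); }
        @Override public boolean removeMember(Principal user) { return members.remove(user); }
        @Override public boolean isMember(Principal member) { return members.contains(member); }
        @Override public Enumeration<? extends Principal> members() { return members.elements(); }
    }

    public static void main(String[] args) {
        // Constructed sample Subjects, built the way a createSubject implementor might.
        // 1: the ordering the javadoc describes, user first, then a group.
        Subject ordered = new Subject();
        ordered.getPrincipals().add(new NamedPrincipal("alice"));
        ordered.getPrincipals().add(new NamedGroup("Roles"));

        // 2: an implementor who adds the group before the user.
        Subject groupFirst = new Subject();
        groupFirst.getPrincipals().add(new NamedGroup("Roles"));
        groupFirst.getPrincipals().add(new NamedPrincipal("alice"));

        // 3: a Subject containing only groups, which no check should accept.
        Subject noUser = new Subject();
        noUser.getPrincipals().add(new NamedGroup("Roles"));

        System.out.println("ordered    strict=" + strictUserPrincipalMatches(ordered, "alice")
                + " relaxed=" + relaxedUserPrincipalMatches(ordered, "alice"));
        System.out.println("groupFirst strict=" + strictUserPrincipalMatches(groupFirst, "alice")
                + " relaxed=" + relaxedUserPrincipalMatches(groupFirst, "alice"));
        System.out.println("noUser     strict=" + strictUserPrincipalMatches(noUser, "alice")
                + " relaxed=" + relaxedUserPrincipalMatches(noUser, "alice"));
        System.out.println("wrongName  relaxed=" + relaxedUserPrincipalMatches(ordered, "bob"));
    }
}
```

Running main shows the difference the proposal is about: the first Subject passes both checks, the second passes only the relaxed one, and the third (no user principal) and the wrong-name case pass neither. Whatever form the relaxed check takes, the part worth keeping is the fail-closed behaviour: a Subject with no non-Group principal, or whose user principal's name differs from the authenticated username, must still be rejected, since that comparison is what ties the Subject an implementor returns back to the credentials that were actually validated.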
